Is AllowUnsafeUpdates=true the right way?

Have you ever seen the following message?

System.Exception: Microsoft.SharePoint.SPException: The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again. —> System.Runtime.InteropServices.COMException (0×8102006D): The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.

Some programmers say immediately “You have to set AllowUnsafeUpdates on the Web to true and the error will be gone.” Some programmers will add: “And don’t forget to set it back to false when you’re done”.

However this brings some issues:

  • This will enable SharePoint to modify the data even during POST request types. So it can happen, that e.g the search server,  will modify the your SPListItems, while crawling.
  • Additionaly sometimes the AllowUnsafeUpdates is automatically set back to false, e.g. when calling a Parent web.

So how to deal with it?

If you want to enable the modifications only in GET request types (e.g. in OnClick handler), then use SPUtility.ValidateFromDigest(), before you want to modify the data in SharePoint.  This will automatically set AllowUnsafeUpdates to true if the request type is GET.

For more info see following cool posts:

What You Need To Know About AllowUnsafeUpdates

What You Need To Know About AllowUnsafeUpdates part 2

Advertisements

Tags:

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: